1. Technical Field
The present invention relates in general to data processing and in particular to computer server security. Still more particularly, the present invention relates to an improved method and system for providing server security.
2. Description of the Related Art
Partitioned enterprise computer server systems include multiple operating system (OS) partitions and software and/or firmware, referred to herein as a Hypervisor, which passes messages between the OS partitions. The Hypervisor also enables the OS partitions to communicate with a Virtual Input/Output Server (VIOS). Enterprise server systems also include software applications that provide security against incoming malicious Input/Output (I/O) traffic, such as the Internet Security Systems (ISS) security sensor (SS). As utilized herein, a SS refers to an application program that provides network intrusion detection and prevention mechanisms.
In conventional enterprise server systems, the ISS is located in the user space of each OS. Each OS partition within the enterprise server system therefore has a separate copy of the SS code in the user space of the OS. Maintaining multiple copies of the SS code for each partition is inefficient, complex, and costly to manage. Furthermore, SS code running within user space may not be able to communicate directly with a memory and/or a network adapter, thereby impairing system performance.